1. Name and address of the Data Controller
The Data Controller within the meaning of the GDPR and the FADP is
2. Data Protection Officer
The Data Protection Officer of the Data Controller can be reached at:
Our employees and agents who process your enquiries are obliged to maintain confidentiality.
4. Your Rights
If your personal data are processed, you are a data subject within the meaning of the GDPR and the FADP. You have the following rights against us as the Data Controller:
(1) You have a right to obtain confirmation as to whether and which personal data we process in relation to you. (GDPR and FADP)
(2) You have a right to rectification and erasure of this personal data. (GDPR and FADP)
(3) You have a right to restriction of processing of your personal data. (GDPR and FADP)
(4) You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you. This does not apply if a legal provision obliges or entitles us to collect, process or use this data. (GDPR and FADP)
(5) Furthermore, you may withdraw any consent you have previously given to the collection, processing and use of your personal data at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of such consent until the withdrawal. (GDPR and FADP)
(6) You also have a right to data portability.
(7) To exercise your rights or for information and/or explanations of your rights, please contact our data protection officer by e-mail or by post (for contact details, see under “Data Protection Officer"). We will be happy to provide you with access to your personal data in our database upon request. The information is free of charge. (GDPR and FADP)
(8) In addition, you have the right to lodge a complaint to a data protection supervisory authority about our processing of your personal data. (GDPR and FADP)
(1) “Customer Portal” means the online tool accessible via www.candulor.com through which you can access the following “Services”.
(2) “Services” means all the services we offer through our “Customer Portal”. Depending on whether the service is available in the respective country, the following services can be currently used on this platform:
a. “Customer enquiries” about our products and services: This Service allows our customers to provide their contact details and request information about our products and Services.
b. “Webshop”: The Webshop allows our registered customers to order online the products available online in the respective country and have them delivered to the desired address.
c. “SSOP”: The Swiss School of Prosthetics by Candulor enables customers to book online and onsite courses and seminars available in the respective country, both for a fee and free of charge.
d. “Event Registration”: This service allows customers to register for marketing events available in their country, such as roadshows, trade fairs, product demonstrations, KunstZahnWerk competition, competitions/prize draws and request free product samples.
e. “Scan & Order Registration”: This service allows our customers to register as a customer and to link the dental cabinets purchased to the customer ID in order to coordinate dental orders independently.
f. “ToothScout App”: This service enables users to create a personal profile and patient files. This allows type-appropriate tooth shapes to be selected and stored in the patient file. This data are the property and responsibility of the user. CANDULOR does not have access to patient data.
g. “Newsletter”: To stay informed, interested parties can subscribe to our Candulor and/or SSOP newsletter. You may revoke your consent at any time in the future. To withdraw your consent, please send an e-mail to firstname.lastname@example.org or click on the unsubscribe link at the bottom of our newsletter.
h. “eIFU”: The eIfU functionality delivers the instructions for use for each product. By subscribing to changes, we send a notification whenever a document has been updated.
6. What data is collected and stored
Which data is collected and stored depends on which services you use on our platform.
(1) Data or categories of data:
(a) As with any website, our server automatically and temporarily collects and stores the following information in the server log files, which are transmitted by the browser, unless this has been deactivated by you:
- domain name or IP address of the requesting computer
- file requests of the client (file name and the corresponding data of the complete Internet address)
- the HTTP response code
- the Internet page from which you are visiting us (referrer URL)
- date and time of the server request
- browser type and version
- operating system used by the requesting computer
(b) When using the platform for customer enquiries, the following data are collected from the customer. Mandatory details required for processing are marked separately when entering, further information is voluntary:
- First name & Surname
- Company name
- Street & house number of the company
- Company postcode
- Company location
- Company country
(c) When using the “Webshop” service, the following further data are collected in addition to the personal data already mentioned while using the platform for customer enquiries:
- Invoice and delivery address(es)
- Products and services you order or purchase
- Customer number
- Province of the company
- Preferred communication channel
(d) When using the “SSOP” service, the following further data are collected in addition to the personal data already mentioned while using the platform for customer enquiries:
- Invoice address
- Courses/seminars that you order or book
- Your feedback on our products and services in the sense of ratings, customer reviews or customer satisfaction
(e) When using the “Event Registration” service, in addition to the personal data already collected while using the platform for customer enquiries, the following further data will be collected:
(f) When using the “Scan & Order Registration” service, in addition to the personal data already collected while using the platform for customer enquiries, the following further data will be collected:
- Candulor Customer Code
- Tooth cabinet code
- Products you purchase
(g) When using the “ToothScout App” service, in addition to the personal data already collected while using the platform for customer enquiries, the following further data will be collected:
- Candulor ID
(2) Data subject groups:
(a) Users of the homepage
(b) Our customers
(c) Employees of our customers
(d) Contractual partners of our customers
(e) Our employees
7. For what purpose are your data collected and stored and how are they used?
We process your personal data to operate, provide and improve our services. These purposes include:
- Information about our products and services requested by the interested parties and customers. We use your personal data to send you the information you have requested via the desired communication channel.
- Purchase and supply of products and services. We use your personal data to take and process orders, deliver products (whether chargeable or free of charge) and provide services (whether chargeable or free of charge), develop and assess the need for new products and services, develop, test and launch new products and services, process payments and communicate with you about orders, products and services (e.g. transactional communications or requests for feedback in terms of ratings, customer reviews, customer satisfaction, needs assessment, development, testing and launch of purchased products or services). Furthermore, we use your personal data to fulfil our legal (e.g. warranty) and contractual (e.g. guarantee contract) obligations within the scope of the purchase, guarantee or service contract.
- Providing, troubleshooting and improving our services. We use your personal data to provide features, analyse services and products, troubleshoot and improve the usability and effectiveness of our services.
- Recommendations and personalisation. If you have consented to this, we will process your personal data to recommend functionality, products and services that may be of interest to you, to identify your preferences and to personalise your experience of our services.
- Compliance with legal obligations. In certain cases we are subject to legal obligations to collect and process your personal data. For example, we collect data from buyers regarding their registered office, tax number (if required) and their bank account information for identity verification and other purposes.
- Communication with you. If you have consented to this or if another legal basis (e.g. contract or legitimate interest) allows this, then we will use your personal data to communicate with you via various channels (e.g. by phone, email, chat, messenger, SMS, fax, in person, by post or other communication tools) regarding our products and services.
- Advertisements and marketing. If you have consented to this, we will use your personal data already collected and other data such as your interactions with our and other’s services (such as social media platforms), content or services, which we will automatically evaluate to serve interest-based ads for products and services or, if you have consented, to send you information about products and services from us and our affiliates (https://www.ivoclar.com/en_li/tools/group-companies) that may be of interest to you by email or through communications. We use data that personally identifies you to display interest-based advertising.
- Reminder of a shopping basket that has not been completed. If you have agreed to this, you will be informed by e-mail that you have products or services in your shopping basket in our Webshop without having completed the purchase.
- Fraud prevention and credit risks. We process personal data to prevent or detect fraud and abuse to protect the security of our customers, our business and third parties. To assess and deal with credit risks, we also use scoring procedures where appropriate and work with external partners.
- Review and supplement our data. We process personal data in order to check the accuracy of these data and to supplement them if necessary. To this end, we also collect publicly available data on social media platforms and, where appropriate, we work with external partners that provide us with data.
- Purposes for which we seek your consent. We may ask for your consent to process your personal data for a specific purpose, which we will communicate to you. If you consent to the processing of your personal data for a specific purpose, you may freely withdraw your consent at any time and we will stop processing your data for that purpose.
8. Social networks
9. What about cookies?
A cookie is a small file containing a string of characters that is transmitted to your computer when you visit a website. If you then visit the website again, the cookie allows this page, for example, to recognise your browser again. Cookies are not usually used to store personal data, but can store user preferences and other information. You can set your browser to reject all cookies or to inform you when a cookie is sent. Please follow the instructions in the help function of your browser regarding the prevention and deletion of cookies.
10. Recipients of the data or categories of recipients
We disclose customers’ personal data to the extent described below:
- Departments of CANDULOR AG and affiliated companies (https://www.ivoclar.com/en_li/tools/group-companies) and their employees,
- technical services, insofar as necessary for the fulfilment of the contractual relationship,
- data processors and other service providers and contractual partners, to the extent necessary for the fulfilment of the contractual relationship, and
- public bodies under overriding legal obligations
Service provider and contractual partner:
Protection of the Data Controller:
We disclose personal data about customers when we are required to do so by law or when such disclosure is necessary to enforce our general terms and conditions or other agreements or to protect our rights and the rights of our customers and third parties. This also includes data exchange with companies to prevent and minimise misuse and credit card fraud.
In all other cases, we will inform you if personal data are to be transferred to third parties. This gives you the opportunity to decide that your data should not be shared with the third party.
Data transfer to countries outside the European Economic Area:
11. Legal basis for data processing by the Data Controller
Insofar as we obtain the consent of the data subject for processing operations involving personal data, this consent shall serve as the legal basis.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the performance of the contract shall serve as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, this legal obligation serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, those vital interests shall serve as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, this legitimate interest shall serve as the legal basis for the processing.
12. Data erasure and duration of retention
We will inform you of further retention durations. For example, we keep your order summaries so that you can review past purchases and the addresses to which you have sent your orders (and repeat orders if you wish) and so that we can improve the relevance of the products and content we recommend. We store the personal data collected each time our platform is called up and files are transferred for a maximum period of one year. These data are stored for reasons of data security - in particular, to defend against attempted attacks on our web servers - as well as to ensure the stability and operational security of our systems.
13. Data Security
We use up-to-date technical and organisational security measures to protect the data under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. E.G.:
- To protect the security of your information during transmission, we use Secure Sockets Layer software (SSL). This software encrypts the data that you transmit.
- We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal information of our customers. These security measures include asking you to provide proof of your identity before we disclose any personal information to you.
Our security measures are continuously improved in line with technological developments.
14. Commissioned data processing
A transfer to external service providers may take place within the framework of commissioned processing under according to GDPR and FADP. These processors have been carefully selected and commissioned by us, are bound by our instructions and the provisions of the GDPR and the FADP and are regularly monitored.
The following Data Processors have been engaged for the platform:
- Netigate (Survey tool)
- EasyLMS (for SSOP exams)
- Pimcore (Cloud)
If necessary, other Data Processors can be added. Upon your request, we will provide you with a list of all Data Processors.
15. Transfer of data to third countries
Some of our affiliates and contractors are located in countries with a different level of data protection. This is particularly the case for countries that do not belong to the European Economic Area (EEA). A full list of our affiliated companies can be found here:
The transfer of personal data to countries outside the EEA will only take place under the following conditions:
- if the European Commission takes a so-called adequacy decision on the third country pursuant to Article 45 GDPR, i.e. has declared that the third country provides a level of data protection adequate to that of the EU or Switzerland or that the recipient state ensures adequate protection (Art. 16, Para. 1 of the FADP); or
- without an adequacy decision but with a sufficient level of data protection, if appropriate data protection measures (e.g. standard contractual clauses of the EU Commission or Switzerland in the currently applicable version) have been agreed in a legally binding manner with the recipient of the data; or
- without an adequacy decision and without a sufficient level of data protection, if appropriate data protection measures (e.g. standard contractual clauses of the EU Commission or Switzerland in the currently applicable version) and additional safeguards have been agreed in a legally binding manner with the recipient of the data. Additional safeguards may include binding internal data protection rules (e.g. intercompany agreements with third party effect, Binding Corporate Rules) or a positive law enforcement report, a risk assessment questionnaire with a low risk result or a declaration not to be subject to US FISA 702. You can request a copy of these agreements from the Data Controller or the Data Protection Officer; or
- if you have expressly consented to the proposed data transfer or we are entitled to transfer for another reason mentioned in Article 49 GDPR or the FADP.
Your personal data will only be forwarded to the extent necessary to fulfil our obligations, in particular within the Ivoclar Group. We will not sell, license or rent your personal data to parties other than those already mentioned without your consent. We will disclose your information if we have a good faith belief that disclosure is necessary to comply with the law, for law enforcement purposes or to comply with a court order, or to protect the rights, property or safety of another person, including our own property or rights.
In some cases, e.g. if there is a corresponding court order, we are legally required to transmit data to a requesting public authority or a third party. This may also be without being allowed to inform you.
16. Tracking with fusedeck
This Website uses “fusedeck”, a tracking solution provided by Capture Media AG (hereinafter referred to as “Capture Media”). Capture Media is a Swiss company having its registered office in Zurich which, on behalf of its customers, measures website usage in the context of engagements and events. Tracking is anonymous so that it is impossible to attribute any information gained to any identified or identifiable persons.
17. Infrastructure Monitoring with Dynatrace
The website uses Dynatrace as a monitoring tool for technical issues users could experience. Dynatrace is a US company located in Waltham. The solution tracks technical errors and stores an anonymized user session recording if errors appear.
For more information, please refer to the data compliance declaration of Dynatrace:
Revised: November 2023